You are here

AlphaCom XE server system
"We’ve kept IP security at the forefront for 11 years and, in 2010 we were the first IP intercom vendor to implement IEEE 802.1X network access control."
Cybersecurity Leadership
Thomas Hægh, Chief Technology Officer
Thomas Hægh - CTO Zenitel
The Zenitel Cybersecurity Hardening Guide is based on the CIS® Controls.
It combines our experience applying the best practices developed by CIS to support end users and integrators to build a good cyber defense.

Zenitel`s commitment to Cybersecurity

Zenitel has a long-standing commitment to Cybersecurity, and we are proud to cooperate with CIS’s efforts. We design each of our solutions from the outset with defensibility in mind.

Our integrated, type-approved and certified products and systems for Communication, Data, Safety and Entertainment have earned the reputation as the most flexible, reliable and advanced communication systems available.  We provide regular product security updates as needed and alert our customers to any recently addressed risks via technical bulletins.

Because we have control of our software and hardware products, we can better guard against cyber threats. When issues do arise, we provide responsive support.

Secure communications over IP

IP networking has become the communication technology of choice for newly deployed security systems. Vingtor-Stentofon has introduced a set of advanced networking and security functions in its IP station range to optimize the deployment of IP security devices such as IP intercom and CCTV cameras. These new functions provide:

  • Protection from unwanted access
  • Quality of Service (QoS) by managing data traffic
  • increased system availability through redundant LAN infrastructure
  • Cost efficient installation by providing shared network connections through the integrated data switch

Network Access Control (IEEE 802.1X)

Vingtor-Stentofon has built the IP intercom station to conform to the same standard that is used for the protection of wireless networks, i.e. IEEE802.1x. IEEE 802.1X is an IEEE Standard for portbased Network Access Control (“port” here means a single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of networking protocols.

It provides an authentication mechanism to devices wishing to attach to a LAN; it either establishes a point-to-point connection on authentication or it prevents such a connection if authentication fails. It is used for most wireless 802.11 access points and is based on the Extensible Authentication Protocol (EAP). Upon detection of the new client (supplicant), the port on the switch (authenticator) is enabled and set to the “unauthorized” mode.

In this state, only 802.1X traffic is allowed; other traffic, such as DHCP and HTTP, is blocked at the network layer (Layer 3). The authenticator sends out the ‘EAPRequest identity’ to the supplicant and the supplicant responds with the ‘EAPresponse packet’ that the authenticator forwards to the authenticating server. If the authenticating server accepts the request, the authenticator sets the port to the “authorized” mode and normal traffic is allowed. When the supplicant logs off, it sends an EAP-logoff message to the authenticator. The authenticator then sets the port back to the “unauthorized” mode, once again blocking all non-EAP traffic.

Regarding authentication using the 802.1x protocol, this is supported:

  • In INCA stations as from firmware 1.09.3.0 (Nov 2009).
  • In Turbine stations in all firmware versions.

Staying one step ahead of hackers

For Zenitel, Cybersecurity is embedded in all that we do. We run regular vulnerability scans on our software to detect if there are any security holes which might be vulnerable to exploitation. These scans helps to identify any weaknesses before they become issues for concern and provides an overview of effective countermeasures that can be taken.

Should any issues arise as the result of a scan, then as the producer of our own software, we are able to immediately install security patches. These patches are pieces of software designed to fix the security vulnerabilities and any other bugs. They also improve the overall usability and performance of the software.

This forms part of our software lifecyle management. We test and maintain our software constantly, both internally and externally. Any vulnerabilities are fixed and a new version of our software is released to offer our customers a level of cyber defense that is responsive to the changes. We then continue to test the new software and repeat the process, to ensure our software constantly evolves to be able to withstand the increasing complexity of cyber attacks

SSL/TLS (encryption for TCP/IP 

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.[1] Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Websites are able to use TLS to secure all communications between their servers and web browsers (source https://en.wikipedia.org/wiki/Transport_Layer_Security)

First back in 2006, Zenitel implemented SSL version 0.9.8b (as this was current version in 2006). Since then, we have made regular upgrades to help provide privacy and data integrity between your communicating computer applications. The hacking community has always been after finding vulnerabilities with this protocol and ways to break it. Due to this the industry is constantly updating SSL/TLS to remove vulnerabilities.

For Vingtor-Stentofon IP stations we make sure to have the most up-to-date OpenSSL versions implemented:

Defensibility – at the core of all we do

We feel that strong cybersecurity controls are essential, and we are working to increase awareness the risks, as well as the best practices and protection mechanisms available today. Our solutions comply with stringent IT requirements for mission-critical systems: that is, they are highly available, reliable, scalable and maintainable, whilst also providing adequate defense from outside threats and attacks.

View download security hardening guide banner picture